Search for:

In brief

On 20 March 2021, the Philippine National Privacy Commission (NPC) answered a new batch of frequently asked questions regarding eRehistro, specifically with regard to the commission’s validation process, user credentials and the certificate of registration.

For previous responses from the NPC on this topic, check out our earlier client alert here.


Recommended actions

While we continue to await the issuance of the formal guidelines by the NPC regarding the eRehistro system, we recommend that personal information controllers (PICs) and personal information processors (PIPs) keep themselves updated by monitoring developments shared by the NPC through both its social media channels and official website. Our firm continues to closely monitor this compliance matter and we will provide more updates in due course.

In more detail

Validation process

After creating an eRehistro account, PICs and PIPs may proceed to upload their documentary requirements1 using the online system in order to complete the application process. The NPC will then validate the application and determine the completeness and correctness of the submission. Thereafter, the commission will notify the PIC or PIP, through the latter’s registered email address, regarding the status of its application, specifically whether it is already “For Approval” or is “Invalid.”

If the NPC finds the PIC or PIP’s application to be complete and accurate, the eRehistro system will send a notification stating that the application has been approved. The NPC will then issue the certificate of registration within seven (7) days.

In case the NPC finds the application to be incomplete and/or inaccurate, the PIC or PIP will receive a notification to this effect, and shall be provided an opportunity to re-submit or complete the required documents for registration.

Registered email address

The NPC recommends using an official or business email address when creating an eRehistro account in order to ensure access by PICs and PIPs.

Effects of registration

The issuance of a certificate of registration by the NPC does not automatically mean that the PIC or PIP is fully compliant with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the issuances of the NPC, as the registration of both Data Protection Officers and Data Processing Systems is only one of several other compliance points under the law. Hence, despite receiving the certificate of registration, PICs and PIPs are still required to comply with all other data privacy-related requirements which include, among others, upholding the rights of data subjects, ensuring the security of personal data during processing, and adhering to the general data privacy principles of proportionality, transparency and legitimate purpose.


1 To know more about the documentary requirements that need to be uploaded to eRehistro, please refer to our earlier client alert here.

Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. He is also a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee. He is experienced in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions and cybercrime matters. He also counsels clients on compliance with consumer product laws, including packaging, labeling and regulatory requirements for food, drugs and devices and cosmetics, and conducts administrative litigation relating to the same.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies

Author

Jose Angelo Tiglao is an associate with the Intellectual Property, Data and Technology Practice Group as well as the Technology, Media & Telecommunications Industry Group at Quisumbing Torres. He ranked sixth in his batch upon graduation from De La Salle University College of Law, where he also received the Most Outstanding Thesis award for his thesis on social media and fake news regulation in the Philippines. He is both a Certified Information Privacy Professional (Europe) and a Certified Information Privacy Manager by the International Association of Privacy Professionals (IAPP) and is currently the Assistant Corporate Secretary of the Licensing Executives Society Philippines.